NON-COMPLIANCE IS COSTLY Maximum fines for non-compliance will be substantial – violators will be required to pay a fine up to 100 000 000€ or up to 5% of the annual worldwide turnover, in the case of an enterprise, whichever is higher. *

DATA PORTABILITY Data subjects will be able to obtain a copy of their data in a commonly used format in order to transfer it to another service provider.

EVIDENCE OF COMPLIANCE Organizations will need to demonstrate policies and procedures in place and how they monitor compliance.

CONSENT IS REQUIRED MORE EXPLICITLY An “appropriate method” must be available to ensure that a data subject has expressed consent to the processing of personal data.

DATA BREACH NOTIFICATION & REPORTING OBLIGATIONS The EU regulation will legally enforce the notification of data breaches. Enterprises will be required to provide notification of a personal data breach without undue delay to the supervisory authority. Auditable reporting is no longer optional and can lower penalties if a breach occurs. A data breach could lead to closer scrutiny of other processes, including erasure.

THE RIGHT TO BE FORGOTTEN, THE RIGHT TO ERASURE The data subject shall have the right to the erasure of any personal data relating to them, including any links to, or copy of, that data.

DATA PROTECTION OFFICERS An organization with over 250 employees will be required to appoint a Data Protection Officer to ensure compliance. Expect erasure processes to be audited by clients in the future.

BROAD TERRITORIAL SCOPE Rules will apply to EU citizens’ and EU residents’ data, even if the data controller/processor is not located in the EU.

MORE RESPONSIBILITY FOR DATA PROCESSORS The regulation imposes liability on processors: both the controller and the processor, as well as any third party that performs data erasure processing, are required to uphold technical and organizational measures when processing data.

*Based on the latest draft of the current proposal of the EU GDPR.

It is recommended to seek explicit advice about individual circumstances regarding full compliance with the Regulation.